ISTI-ansible-roles
/
ansible-role-nginx
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Make ssl stapling conditional

This commit is contained in:
Andrea Dell'Amico 2023-07-13 13:10:04 +02:00
parent b25d586850
commit 6d5a8f6fa8
Signed by: adellam
GPG Key ID: 147ABE6CEB9E20FF
2 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
defaults/main.yml
View File

@ -15,6 +15,7 @@ nginx_org_modules: []
nginx_ssl_level: intermediate nginx_ssl_level: intermediate
nginx_ssl_session_cache_size: '8096k' nginx_ssl_session_cache_size: '8096k'
nginx_ssl_session_timeout: '10m' nginx_ssl_session_timeout: '10m'
nginx_ssl_stapling: true
nginx_strict_transport_security_expire: 15768000 nginx_strict_transport_security_expire: 15768000
nginx_strict_transport_security_include_subdomains: False nginx_strict_transport_security_include_subdomains: False

2
templates/nginx-server-ssl.conf.j2
View File

@ -38,8 +38,10 @@ ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDS
ssl_prefer_server_ciphers off; ssl_prefer_server_ciphers off;
{% endif %} {% endif %}
{% if ansible_distribution_version is version_compare('14.04', '>=') %} {% if ansible_distribution_version is version_compare('14.04', '>=') %}
{% if nginx_ssl_stapling %}
ssl_stapling on; ssl_stapling on;
ssl_stapling_verify on; ssl_stapling_verify on;
{% endif %}
{% if letsencrypt_acme_install is defined and letsencrypt_acme_install %} {% if letsencrypt_acme_install is defined and letsencrypt_acme_install %}
ssl_trusted_certificate {{ letsencrypt_acme_certs_dir }}/fullchain; ssl_trusted_certificate {{ letsencrypt_acme_certs_dir }}/fullchain;
{% else %} {% else %}